RE: Checkpoint SmartDefense

THolman_at_toplayer.com
Date: 05/20/05

  • Next message: Dimitrios Patsos: "RE: Checkpoint SmartDefense"
    To: ferg@furg.net, focus-ids@securityfocus.com
    Date: Thu, 19 May 2005 20:11:26 -0400
    
    

    Hi Fergus,

    SmartDefense is a very limited application in terms of real-world
    protection, with a limited feature set and minimal protection against volume
    based attacks.
    As far as intelligence goes, Check Point do keep it up to date, but its
    limitations on Intel based platforms can quickly be seen in a test lab.
    Afaik, Interspect is a streamlined version of SmartDefense with no FW-1
    component. It has fared quite badly in customer deployments, not because of
    the code, but because you cannot run high-speed IPS on PCI based hardware.
    A SYN Flood of several megabytes will bring an Interspect box to its knees.
    I'm not vendor bashing (I'm a CCSE in 4.1 and NG and advocate Check Point's
    ease of use as a perimeter firewall and VPN solution), but as an IPS and
    part of core infrastructure, the hardware simply isn't up to scratch.
    Its only pro point is that it's easy to use. Tick a box, and away you
    go...
    These facts are refutable - I would happily set up a test environment to
    prove this (as I have done several times before!).

    Regards,

    Tim

    -----Original Message-----
    From: Fergus Brooks [mailto:fergwa@gmail.com]
    Sent: 18 May 2005 12:10
    To: focus-ids@securityfocus.com
    Subject: Checkpoint SmartDefense

    Hi all,

    I am getting some mixed messages regarding this feature.

    1) Does it detect zero day attacks in real time and
    recommend/implement remediation?

    2) How intelligent is it?

    3) Is it difficult to configure & maintain?

    4) Is this feature different on the Interspect and standard FW-1 boxes?

    Any comments and real world examples greatly appreciated!

    Thanks & regards.

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------

